Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-45992 PoC — Ruckus Wireless Ruckus CloudPath 跨站脚本漏洞

Source
https://github.com/harry935/CVE-2023-45992
Associated Vulnerability
Title:Ruckus Wireless Ruckus CloudPath 跨站脚本漏洞 (CVE-2023-45992)
Description:Ruckus Wireless Ruckus CloudPath是一种网络访问控制(NAC)解决方案,用于管理网络用户的身份和访问权限,特别是在Wi-Fi网络中。它的目标是提供高级的网络访问管理和安全性功能,确保用户可以安全地连接到网络,并且网络资源受到保护。 Ruckus Wireless Ruckus CloudPath 5.12.54414 版本存在跨站脚本漏洞,该漏洞源于通过精心设计的脚本将权限升级到入门门户中的 macaddress 参数。
Readme
# CVE-2023-45992
A vulnerability in Ruckus CloudPath 5.12 build 5538 or before could allows a remote unauthenticated attacker to obtain full administrator privileges by leveraging Stored Cross-Site Scripting and Cross-Site Request Forgery Vulnerability using a crafted script. On 16 Oct 2023, the vendor has published version 5.12 build 5550 which resolved the vulnerability.
# POC
Technical details of the vulnerability will be published in the future.
# References
https://support.ruckuswireless.com/security_bulletins/322<br>
https://www.cve.org/CVERecord?id=CVE-2023-45992
File Snapshot

 [4.0K]  /data/pocs/3c1003115cff5d6a64dabb2fae81d77677f52730
└── [ 577]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.